W01f Labs


Sep 4, 2012

Is the command line obsolete on Windows systems? What can you do if you have no GUI? How useful are Windows commands to a hacker or pen-tester who obtains a remote shell on a Windows machine?

I have written an article titled "Command your Windows", which is published in this month's PenTest magazine (September). In this article, I share some of the useful Windows commands that a hacker or pen-tester can use when obtaining a remote shell to the system.

Aug 3, 2012

My article on how to hack using Teensy was published in this month's (July) issue of PenTest (Web App) Magazine. It is titled "Pentesting with Teensy", and talks about how you can emulate the device as a HID (Human Interface Device) to inject attack code and execute commands on the system.

May 31, 2012

I recently wrote an article titled "WhatsApp InSecurity", which should have been published in the June issue of Hakin9 magazine. But due to some logistic issues, it was finally published in the July August issue. This article talks about how you can extract the messages and photos that were sent via WhatsApp.

Aug 14, 2010

The Linkbucks.com website was found to be vulnerable to Cross-Site Scripting (XSS), which could be exploited using malicious scripts.

Vulnerability Description:
==================
Linkbucks.com is a famous advertising network site that brings web users, websites and marketers together. The XSS vulnerability is found in the Default.aspx page. Script can be injected into the Message and Returnurl parameters. This can be exploited by injecting arbitrary HTML and malicious script code, which will execute in a user's browser session. Unvalidated redirection and forwarding is also possible.

Remediation:
==========
The Message and ReturnURL parameters need to be properly sanitized after a user logs out. The Linkbucks support team was contacted about the vulnerability. The support ticket is "#KHT-97974-227" but so far no fix has been made.
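
A sketch of the remediation described above, added here as an example and not taken from the original advisory or from Linkbucks' code: the Message value is HTML-encoded before output, and ReturnURL is accepted only when it is a same-site path. It is written in Python for illustration rather than in the site's ASP.NET; the function names, the fallback target "/" and the sample requests are assumptions constructed for this example.

```python
import html
from urllib.parse import urlsplit

DEFAULT_RETURN = "/"  # assumed fallback page when ReturnURL is rejected


def encode_message(message: str) -> str:
    """HTML-encode the Message value before it is written into the page."""
    return html.escape(message, quote=True)


def safe_return_url(return_url: str) -> str:
    """Accept only same-site, path-only targets; otherwise use the fallback."""
    # Reject empty values and control characters (CR/LF, tab, DEL).
    if not return_url or any(ord(c) < 0x20 or c == "\x7f" for c in return_url):
        return DEFAULT_RETURN
    # Must be an absolute path. Browsers treat "\" like "/", so both
    # "//host" and "/\host" would leave the site and are refused.
    if not return_url.startswith("/") or return_url[1:2] in ("/", "\\"):
        return DEFAULT_RETURN
    parts = urlsplit(return_url)
    if parts.scheme or parts.netloc:
        return DEFAULT_RETURN
    return return_url


def render_logout(params: dict) -> dict:
    """Build the logout response from untrusted query parameters."""
    return {
        "body": "<p>" + encode_message(params.get("Message", "")) + "</p>",
        "redirect": safe_return_url(params.get("ReturnURL", "")),
    }


# Constructed sample requests (hypothetical, not from the advisory).
SAMPLES = [
    {"Message": "You have logged out", "ReturnURL": "/Default.aspx"},
    {"Message": '<b>bold</b> & "quoted"', "ReturnURL": "https://other.example/"},
    {"Message": "ok", "ReturnURL": "//other.example/path"},
    {"Message": "ok", "ReturnURL": "/\\other.example"},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(render_logout(sample))
```
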

Jun 30, 2010

The majority of online games use Adobe Flash these days. While trying out these online games, I was surprised to find out that there are still many unsecured Flash games. Some are still sending the score in clear text (shown below). I think it is basic for all online games to protect the score (or data) while submitting it back to the server. I even created a simple Web challenge (Data Manipulation attacks for Web applications) on this flaw several months back, to teach and share this knowledge.

Hashing, good enough?

But there are others that try to protect the score that is transmitted back to the server using hashing. They hash the score with a secret key or "Salt". It looks safe to many because the data transmission is protected. But they did not protect the Flash itself. It can be easily decompiled to extract the key (shown below) or change the code. Flash code should be obfuscated so that decompiling cannot be easily done.

Below is an example of an unsecured Flash game that I came across recently. I had informed their administrator about the possible hacking of their game but they never replied to find out more. So I decided to share some of my findings and show how easily it can be reverse engineered.

Below is the function that calls the hashing and submits the user's info and score.

Below shows the "key" or "Salt" that is used for the hashing.

-Update on 19 Jul

After the programmer of the game (that I previously mentioned) tried to secure their code, they were hacked again. This time it looks like an Indonesian hacker, who uses the name "Rank 1 to 10 all cheated" in Bahasa Indonesia, put himself at the top of the score table (for obvious reasons).

It looks like the programmer doesn't understand the Malay language at all, as the name was listed for a few days and was not removed. Time for me to send them a note again.

Jun 8, 2010

While contributing to the OSVDB, I noticed the recent DoS (Denial of Service) vulnerability in Internet browsers and decided to research it.

Internet browsers such as IE and Firefox contain a flaw that may allow a remote denial of service. The vulnerability can be triggered when processing a web page with a large number of various invalid requests such as NNTP, NEWS and Mailto. This may cause the system to crash due to high resource consumption.


Disclaimer

The knowledge and tools shared are for educational purposes. Implementing the knowledge or tools may violate the laws in certain countries. I shall not be liable for any wrongdoing or violation of laws by anyone who uses the knowledge or tools that are recommended on this website.